League of Legends Hacked, Some (Encrypted) Credit Cards At Risk

One of the most popular online games on the planet has been attacked by hackers.

Riot Games, the company behind the huge multiplayer online battle arena game League of Legends, announced today that "a portion" of North American accounts have been compromised.

Hackers were able to access usernames, email addresses, encrypted passwords, and some names, Riot said. The hackers also accessed some encrypted credit cards that were used in 2011:

Additionally, we are investigating that approximately 120,000 transaction records from 2011 that contained hashed and salted credit card numbers have been accessed. The payment system involved with these records hasn't been used since July of 2011, and this type of payment card information hasn't been collected in any Riot systems since then.

You can change your League of Legends password right here. Riot says they'll be adding new security features as well:

As a measure to make your accounts safer, within the next 24 hours we’ll require players with accounts in North America to change their passwords to stronger ones that are much harder to guess. At such time, you’ll be automatically prompted to change your password when you attempt to log in to the game. If you’d prefer, please click here to change your password now.

Additionally, new security features that are currently in development include:

  • Email verification: all new registrations and account changes will need to be associated with a valid email address (we’ll also require all existing players to provide a valid email address).
  • Two-factor authentication: changes to account email or password will require verification via email or mobile SMS.

Other useful info, via our friends at Lifehacker: how to ensure your password is secure, and how to keep track of all those secure passwords.